November 2, 2004

A little good news about electronic voting

Author: Jay Lyman

The two years leading up to today's U.S. presidential election have not been good
for electronic voting, which is estimated to tally, or at least attempt to tally, about 30 percent of all U.S. votes, or an estimated 50 million ballots. The failures of voting machines and the software they run has been rivaled only by inadequate federal and state election certification procedures that allowed questionable technology to be carrying, or possibly corrupting, American votes. However, after all of the frozen voting terminals, lost software loads, mysteriously found machines, and vendors' efforts to keep it all hushed, there is some good news on e-voting.

No, it's not that it will all be over after today. Actually, it's the exact opposite: in the eyes of e-voting experts, it all begins after November 2, or whenever the election is decided, as the process of evaluating electronic voting is conducted more vigorously and thoroughly this time.

David Wagner, an elections software expert and assistant professor of computer science at the University of California, Berkeley, said the post-election period could prove to be a positive influence on e-voting in light of its tumultuous last two years.

"Once the election is over, we're going to have to do some serious thinking about our e-voting stance," Wagner said, referring to the unprecedented amount of e-voting that will occur this election. "As it moves to January 2005, it's going to be a chance to think more deliberately about e-voting."

Wagner said the next two years will be critical for e-voting, as the messes of the last two years are addressed and funding deadlines for money from the Help America Vote Act (HAVA) and similar directives approach.

Wagner said the most important issues are a broader debate on a voter-verified paper audit trail -- which along with open source code to power voting machines are considered keys to successful, secure e-voting -- and a re-examination of the election machine certification process.

"Given all of the flaws that escaped detection, it shows the current system is inadequate," Wagner said. "I think we're going to start to see efforts on that. The past nine months, we couldn't consider changes because there wasn't time with the election."

Code disclosure a start

A number of major vendors recently submitted millions of lines of code to the National Institute of Standards and Technology (NIST) at the request of the Election Assistance Commission
(EAC), a federal agency that serves as a national clearinghouse for election issues. The code disclosure has had limited impact because of a late start and looming election.

"My sense is that these machines never should have been federally certified or state qualified in the first place," said Lawrence Livermore National Lab computer scientist and e-voting expert David Jefferson, who advises California Secretary of State Kevin Shelley on the matters. "They should never have been certified. This was a rush to the adoption of new technology. [Vendors] saw three billion dollar signs and thought they could build something and sell it. They were right."

Nevertheless, Jefferson said the post-election period may provide government and election officials, vendors, and experts such as him a chance to right that wrong, or "right" in this case. "Congress and the vendors and the standards bodies and people in the [computer science] community will be all the more energized for another round of even more profound attention," Jefferson said.

Jefferson cited as an example the Diebold AccuVote TSX systems that were certified for California before being permanently de-certified before use in the election, saying they suffered from numerous issues: inadequate cryptography, single security keys coded into the source code, dumb smart cards that could be easily faked for voter ID, and connectivity not only to the Internet, but also to the telephone lines, potentially allowing any device -- including a laptop -- to act as a voting terminal via dialup modem. The actual direct recording electronic (DRE) system that captures votes -- found by fellow e-voting expert Avi Rubin of Johns Hopkins University to contain Swiss cheese-like code -- was also written with a faulty protocol that could be easily faked, according to Jefferson.

"There were many problems big and small, including that the code itself was poorly written," Jefferson said. "The people who wrote it didn't have the slightest clue about security. It certainly isn't high quality software and not software on which you want to put the security of the United States."

Jefferson also referred to Diebold's GEMS operating system software as inadequate for trustworthy voting. "The architecture of GEMS was simply not designed to protect against insider fraud or external attack whatsoever," Jefferson said. "Most of the issues have been known for over a year," Jefferson he added. "Diebold claims to have fixed them, but we don't have any real verification they have fixed them."

Getting another crack

Jefferson, who described a U.S. e-voting certification process that is more outdated than Diebold's crypto system, indicated both technology and bureaucracy will need some shaking up. "We need to reconsider the certification process from the ground up," he said. California will be conducting code reviews for any vendors wishing to deploy machines in the state.

Wagner also said he expects to see greater involvement from the EAC, which through Commissioner Paul DeGregorio highlighted the need to consider open source in an interview with NewsForge last April.

Although he lamented the e-voting course of the U.S. so far and predicted problems in the current election, e-voting expert Avi Rubin said he thinks the problems can be solved.

"I think this country adopted electronic voting before some of the hard problems were solved," Rubin said in an email. "I think that we will have an election where we will not be able to verify the votes. The security problems are overwhelming, and they have not been addressed.

"I think the problems can be solved," he said. "They just have not been solved yet."

"I think we're going to see a lot of activity," Wagner said. "There will be more serious and more sweeping reviews of code. A lot of it hinges on how this election goes. I hope it goes good and there aren't glitches, but if we have disputes and lawsuits, it could be another kick in the rear to get things going."


  • Open Source
Click Here!